(57) ABSTRACT

A method and system identify programming code that is appropriate to the architecture and capabilities of a set-top terminal in a cable television system. The appropriate programming code is identified from among a variety of code objects being broadcast from the headend facility of the cable television system. A platform identifier stored in the set-top terminal is matched to a corresponding platform identifier in an entitlement management message or other download locator message that specifies where in the transport stream from the headend a particular code object can be acquired. By acquiring the object corresponding to the message bearing a matching platform identifier, the set-top terminal acquires programming code compatible with its attributes. Additionally, the cable television system can then optimally support a varied population of set-top terminals.

34 Claims, 4 Drawing Sheets 
METHOD AND SYSTEM FOR IDENTIFYING AND DOWNLOADING APPROPRIATE SOFTWARE OR FIRMWARE SPECIFIC TO A PARTICULAR MODEL OF SET-TOP BOX IN A CABLE TELEVISION SYSTEM

RELATED APPLICATIONS

This application claims priority from a previous U.S. provisional patent application entitled "Software and Firmware Initialization and Upgrade Management System and Method for an Advanced Set-Top Box in a Cable Television System," Ser. No. 60/130,328, filed Apr. 21, 1999.

FIELD OF THE INVENTION

The present invention relates to the field of initializing a set-top terminal of a cable television system and upgrading the software or firmware in the set-top terminal. More particularly, the present invention relates to the field of identifying and then downloading a specific version of a base platform code or other code object over the cable network that is appropriate to the architecture and capabilities of set-top terminal performing the download.

BACKGROUND OF THE INVENTION

In a typical cable television system, subscribers are provided with a set-top box or terminal. The set-top terminal is a box of electronic equipment that is used to connect the subscriber's television, and potentially other electronic equipment, with the cable network. The set-top box is usually connected to the cable network through a co-axial wall outlet.

The set-top box is essentially a computer that is programmed to process the signals from the cable network so as to provide the subscriber with the cable services. These services from the cable television company typically include access to a number of television channels and, perhaps, an electronic program guide. Additional premium channels may also be provided to subscribers at an additional fee. Pay-per-view events and video-on-demand may also be provided over the cable network. The set-top box is programmed to provide these and other services to the subscriber.

However, the services of the cable company need not be limited to providing television programming. Some cable companies are now offering internet access and e-mail over their cable networks at speeds much faster than are available over conventional telephone lines. It is anticipated in the future that more and more services will be provided over the cable network, including even basic telephone service. Eventually, each home or office may have a single connection, via the cable network, to all electronic data services.

When a new set-top terminal is added to the cable network, it must be initialized. To initialize a set-top terminal, the terminal must be provided with the programming required to allow it to function within the specific cable network to which it is connected and to thereby provide the services for which the subscriber has paid. Additionally, as the cable network and the services provided evolve, the set-top terminal must also evolve to be able to provide subscribers with all the services of the cable network. This set-top box evolution will primarily involve changes to the programming, or perhaps a re-initialization, of the set-top box. By upgrading the soft- or firmware of the set-top box, the box can be made to perform more efficiently or offer new services as the cable network evolves.

In order to initialize new set-top terminals and upgrade the programming in the existing population of set-top boxes on a cable network, it is preferable to transmit the necessary programming to the set-top boxes via the cable network itself. Otherwise, a technician must visit each subscriber to install or upgrade the set-top boxes. Such field installations and upgrades would obviously be at significant expense. The headend is the facility from which the cable network operator broadcasts television signals and provides other services over the cable network. Software that is provided to the population of set-top terminals could be broadcast from the headend over the cable network.

However, there are a variety of problems associated with initializing and upgrading set-top terminals by broadcasting programming from the headend. For example, over time the population of set-top terminals will likely include different makes and models of set-top terminals with different capacities. The software required to initialize or upgrade each make and model of set-top terminal may be different.

Consequently, there is a need in the art for a method of matching the proper programming code to the capabilities of the set-top terminal being initialized or upgraded. Additionally, there is a need to automate the initialization process so as to eliminate or decrease the time required by a technician to install, upgrade or re-initialize a set-top terminal.

SUMMARY OF THE INVENTION

It is an object of the present invention to meet the above-described needs and others. Specifically, it is an object of the present invention to provide a method and mechanism for matching the proper programming code being broadcast over the cable plant to the capabilities of the set-top terminal being initialized or upgraded. Additionally, it is a further object of the present invention to automate the initialization process so as to eliminate or decrease the time required by a technician to install, upgrade or re-initialize a set-top terminal.

Additional objects, advantages and novel features of the invention will be set forth in the description which follows or may be learned by those skilled in the art through reading these materials or practicing the invention. The objects and advantages of the invention may be achieved through the means recited in the attached claims.

To achieve these stated and other objects, the present invention may be embodied and described as a method of identifying a code object for download by a set-top terminal from a data transport stream broadcast to the set-top terminal over a cable television system where the object identified is appropriate to the architecture and capabilities of the set-top terminal. The method is performed by matching a platform identifier stored in the set-top terminal with a platform identifier in a download locator message that specifies where in the data transport stream a particular code object can be acquired. The platform identifier is specific to the architecture and capabilities of the set-top terminal. Preferably, the download locator message is an entitlement management message.

Prior to comparing the platform identifiers, the method includes tuning the data transport stream with the set-top terminal based on a table of control channels carrying data transport streams. After tuning the data transport stream, the method proceeds by collecting PID 1 packets from the data transport stream and extracting from the data of those packets a table specifying packet identifiers for a group of download locator messages being transmitted on the data
transport stream. With this table, the method proceeds by successively acquiring each of the download locator messages listed in the table and extracting from each download locator message a platform identifier. This continues until a download locator message is found bearing a platform identifier that matches the platform identifier stored in the set-top terminal.

After a match is found, the method proceeds by obtaining locator data from the download locator message that has the platform identifier that matches the platform identifier stored in the set-top terminal. The locator data specifies where in the data transport stream a particular code object can be acquired. That particular code object will be appropriate for and compatible with the set-top terminal as indicated by the matched platform identifiers. The method then concludes with downloading to the set-top terminal the particular code object specified by the locator data from the download locator message that contains the platform identifier that matches the platform identifier stored in the set-top terminal.

The particular code object being acquired can be any of several different classes of objects. For example, the object can be a base platform code object, an operating system code object or a resident application code object.

The present invention also encompasses the necessary hardware to perform the method described above. For example, the present invention encompasses a system for identifying a code object for download by a set-top terminal from a data transport stream broadcast to the set-top terminal over a cable television system where the object identified is appropriate to the architecture and capabilities of the set-top terminal. Such a system would minimally comprise means for obtaining a first platform identifier in a download locator message that specifies where in the data transport stream a particular code object can be acquired; and means for matching the first platform identifier with a second platform identifier stored in the set-top terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings illustrate the present invention and are a part of the specification. Together with the following description, the drawings demonstrate and explain the principles of the present invention.

FIG. 1 is a block diagram illustrating the three different stages at which different programming packages have control of the set-top terminal during the initialization process of the present invention.

FIG. 2 is a flow chart illustrating the steps of the initialization process for a set-top terminal according to the present invention.

FIG. 3 is a block diagram of the various memory devices and some code objects used in a set-top box according to the present invention.

FIG. 4 is a flow chart illustrating the method of the present invention for identifying code objects to be downloaded that are appropriate to the architecture and capabilities of the downloading set-top terminal.

DETAILED DESCRIPTION OF THE INVENTION

The present invention addresses the problems involved in broadcasting a variety of programming over a cable television system for download by the population of set-top terminals connected to the network so as to initialize or upgrade those terminals where different programming objects being broadcast are appropriate to different specific classes of set-top terminals within the terminal population and each downloading terminal must identify and acquire the programming object or objects appropriate to its architecture and capabilities. This process includes providing those code objects to the set-top boxes that are necessary to allow those set-top boxes to function within the cable system or to upgrade the programming resident in different classes of set-top boxes so as to provide the services purchased by the subscribers.

Stated in broad principle, the present invention aims to provide a set-top terminal architecture that includes a resident boot code object. As shown in FIG. 3, the boot code object (302) resides in the set-top terminal (300), preferably in read only memory (ROM) (301) and can automatically execute and initialize or reinitialize the set-top terminal. The boot code will preferably be automatically executed by the central processor (321) of the set-top terminal. Execution of the boot code may be triggered by and immediately follow connection of power to the set-top terminal. The present invention may additionally require connection of the transport stream signal (322) from the cable system before execution of the boot code is triggered. Once the boot code is executing, no further action by the user/installer need be required. Moreover, no specific interaction is required between the headend and terminal for initializing or booting.

As will be described in detail below, the boot code (302) of the present invention will automatically find, download and begin execution of the correct software code object or objects needed to initialize the set-top terminal. The boot code (302) will locate, identify and download the required programming from among potentially many code objects that might be multiplexed on the transport stream (322) coming from the headend facility of the cable television system. The boot code (302) recognizes the hardware configuration of the set-top terminal (300) in which it resides via an internal ROM coded identifier (320). This identifier (320) is matched against a value carried in an object download locator message from the transport stream (322) to insure [...] appropriate to the set-top terminal (300) in which the boot code (302) is resident.

Functionally, the boot code of the present invention will identify the appropriate control channel, find the [...] control channel, [...] identify and download the correct object from among the [...] objects on the transport stream, verify that the downloaded code is authorized and error-free, and start the downloaded code without direct assistance by a technician or intervention from the headend. The term "boot code" as used herein comprises the minimal code needed to accomplish this functionality.

There are essentially two distinct phases of programming a set-top box addressed by the present invention. The first is the initial programming of the set-top box. The second is upgrading the programming or re-initialization of the set-top box after that box has been placed in service.

The initial programming of the set-top box is often performed by the cable system operator after the set-top box has been purchased from a manufacturer. Because each cable network is designed and built at different times by different service providers, each cable network may have a different design and architecture and use different code objects. Additionally, each system will likely have different classes of set-top terminals which were installed at different times and have different architectures and capabilities.
Moreover, the specific services offered may vary among cable networks.

Therefore, to adapt the set-top boxes to function within the specific environment of a service provider's cable system and to provide the specific group of services currently offered by that particular service provider, each set-top box must be programmed accordingly or "initialized." Additionally, each terminal should, thereafter, be periodically re-programmed or upgraded to continue to function optimally within the evolving cable television system. Each time the programming of a set-top terminal is changed, the new code must be appropriate to the architecture and capabilities of that terminal.

The process of programming or reprogramming a set-top terminal according to the present invention will now be explained. In order for a set-top terminal to be initialized, i.e., accept and utilize the initial programming it receives, it must have some base programming that instructs it how to accept and use that initial programming. This base programming within the context of the present invention is called the boot code. As described above, the boot code is computer code resident in the permanent memory of the set-top terminal that is loaded, preferably into read-only memory, at the factory and cannot be changed once a terminal has been deployed.

As shown in FIG. 1, there are three general tiers or classifications of programming that run on or have control of the set-top terminal during different stages in the initialization and operation of the terminal according to the present invention. Referring to FIG. 1, the first classification of code is the boot code (1). While running the boot code (1), the set-top terminal cannot provide any services to the subscriber. The function (2) of the boot code (1) is to search the data transport stream received from the headend facility to locate, acquire and begin execution of the base platform code (3) which is the next tier or classification of programming.

The boot code (1) is designed to authenticate the base platform code after the base platform code is downloaded. The boot code (1) will preferably re-authenticate the base platform code every time it launches the base platform object (3). When the base platform code (3) is executing, the execution of the boot code (1) is terminated and control of the set-top terminal passes to the base platform code (3).

The base platform code (3) may be factory loaded. However, under the principles of the present invention, the base platform code (3) is preferably transmitted to the set-top terminal from the cable headend during the initialization of the terminal. This allows the operator of the cable system to customize the base platform code (3) for optimal operation on the specific cable system where the set-top terminal is deployed. Preferably, the base platform code (3) is transmitted over the cable plant on an out-of-band (OOB) transport stream. However, it is within the scope of the present invention for the base platform code (3) to be transmitted on an in-band control channel.

The base platform code (3) has two functions. The first function of the base platform code (3) is to provide the basic capability of allowing a subscriber to watch television using the signal from the cable television system. The second function is to control the download (5) of the next classification of code objects, i.e., the target operating system (O/S) and resident applications (6). The base platform code (3), while allowing subscribers to watch television, does not generally support any additional functions of the set-top terminal. However, the base platform code (3) can acquire, authenticate, authorize and execute objects of the third and final classification of programming (e.g., the O/S) (6).

The third classification of programming, the operating system and resident applications (6) provide the additional set-top terminal functions available from the cable system. The operating system (O/S) is typically code from a third party (such as Microsoft's WinCE™) that provides access, with the resident applications, to all authorized set-top terminal capabilities. The operating system typically uses an additional embedded code module provided by the manufacturer of the set-top terminal which interfaces the operating system with the particular hardware of that set-top terminal to enable the operating system to function with that specific set-top terminal.

Resident applications are computer programs that run on the set-top terminal under the operating system. The resident applications work with the operating system to provide the capabilities of the set-top terminal that are in addition to watching television. The native suite is a specified group of software applications, including the operating system and perhaps various resident applications, that provide the intended functions of the set-top terminal. Specific elements of the native suite are determined by the system operator.

As indicated in FIGS. 1 and 3, the boot code (1, 302) is preferably factory-loaded in the read-only memory (ROM) of the set-top terminal and is executed as soon as AC power is provided to the set-top terminal. Alternatively, the boot code may be executed in response to a reset signal (4) received, for example, from the headend, i.e., the system operator. This allows the system operator to re-initialize the set-top terminal whenever desired.

The reset signal (4) is preferably received by the base platform code (3) which then terminates execution of the operating system and resident applications (6), if running, and begins execution of the boot code (1). Alternatively, the reset signal (4) may cause the base platform code (3) to terminate and reload the native suite (6) rather than execute the boot code (1).

As described above, whenever executed, the boot code (1) acquires and loads the base platform code (2). The base platform code may be provided to the set-top terminal over the cable network from the headend or, alternatively, may be factory-loaded along with the boot code. The boot code (1) will either download the base platform code (3), for example, over an out-of-band channel from the headend or, if the base platform code was factory-loaded, identify the base platform code (3) in memory. The boot code (1) authenticates the base platform code (3) from whatever source it is obtained and then executes the base platform code (3).

The base platform code (3) then acquires the operating system and, preferably, the other objects of the native suite (6). The operating system and the other objects are downloaded from the headend over the cable network. The base platform code (3) will acquire the operating system and other objects when first executed or, while running, in response to an initialization message (4) from the system operator. The initialization message (4) may be provided over the cable network. The operating system and resident applications (6) are then executed when the native suite is acquired, authorized and authenticated.

FIG. 2 is a flowchart providing a more detailed explanation of the initialization sequence according to the present invention. As shown in FIG. 2, when the set-top terminal is first powered, or an appropriate reset signal has been
received, the boot code is executed (229). The boot code must first determine whether the set-top box has or must acquire the base platform code. To determine this, the boot code first checks the flash memory for the base platform code, the last known carrier (LKC) frequency of the control channel from the headend, and an Entitlement Management Message Provider Identification ("EMM Provider ID") (201, 202).

If any of three following conditions are discovered, the boot code will conclude that it must acquire the base platform code and will hunt for the out-of-band channel or the in-band channel from which the base platform code can be obtained. The boot code seeks to acquire the base platform code if (1) the base platform code, last known carrier and EMM Provider ID are not stored in the Flash memory, (2) the base platform code in the Flash memory fails an authentication check or (3) non-volatile memory indicates that hunting for the control channel (likely an out-of-band channel) is required.

If the Flash check determines that a base platform code object exists, the boot code proceeds to execute that base platform object after appropriate authorization and authentication as described below. If both the base platform and the O/S are loaded in Flash, the boot code authorizes and authenticates the base platform and then launches the base platform and passes control of the set-top terminal thereto. The base platform object, in turn, authorizes and authenticates (A&A) the O/S. The authenticated O/S is then run and control passes to the O/S.

If the base platform code is not loaded in Flash memory, the boot code loads the base platform off of the out-of-band transport stream (203, 204, 207). However, before it is written to Flash memory, a successful authentication is required (206, 205). When the authenticated base platform code is executed, the boot code passes control to the base platform (211, 228). If the base platform code fails the authentication check (205), the failed base platform code is deleted (208) and a counter is incremented (209) that tracks the number of attempts to acquire and authenticate a base platform code. If the counter is below a predetermined acceptable number of attempts, the base platform code is again downloaded (207). Alternatively, if the acceptable number of attempts to download the base platform code is exceeded, the set-top terminal may signal the headend for a service call (210).

Under the principles of the present invention, the boot code locates the base platform object using a boot code message or "bootcode_control_message" that is sent periodically on the out-of-band transport stream (204). Use of the bootcode_control_message will now be described in detail.

When the boot code determines the need to download the base platform object, it first hunts for the control channel. A table of possible carrier frequencies at which the control channel or channels are being broadcast is included in the boot code. These frequencies may be both in-band and out-of-band. The boot code will cause the set-top terminal to tune each of these frequencies in turn until the control channel is located and a carrier lock is obtained. If no control channel is received at a particular frequency for a predetermined period of time, the set-top terminal will tune the next frequency in the table.

The control channel is a stream of data packets that can be received and used by the set-top terminal. In order to broadcast a number of different objects simultaneously, the headend will divide objects to be transmitted over the control channel into packets. The packets of the various objects being transmitted can then be interspersed or time-multiplexed together so that several objects are all transmitted essentially simultaneously. The packets for each particular object will have a common packet identifier or "PID." A set-top terminal can identify the packets for the object it is working to acquire. By acquiring all the packets with a particular PID, the complete object can then be reassembled by the set-top terminal from the set of packets with that particular PID.

According to the present invention, a set-top terminal can start anywhere in the progression to acquire an object and wrap around until all the necessary packets are downloaded. For example, the set-top terminal may load the first packet it receives with a PID X. That packet may be packet 50 of 100 marked by PID X. The terminal then continues to collect packets 51 to 100 with PID X, then 1 to 49. With all 100 packets obtained, the terminal can reassemble the packetized object.

Of particular concern to the present invention is the potential need to broadcast a number of objects simultaneously to accommodate different types or classes of set-top terminals in the population. Each class of set-top terminals may need a different version of, for example, the base platform code, the O/S or a resident application. Therefore, when the boot code is going to initialize the set-top terminal and must acquire the base platform code, the boot code must determine where to acquire the base platform appropriate to the set-top terminal on which it is running.

The process for identifying the correct object to download will now be described in detail with reference to FIGS. 3 and 4. As shown in FIG. 3, the processor (321) of the set-top terminal (300) controls a tuner (323) to tune a control channel over which data and programming are being broadcast by the headend to the population of set-top terminals. The set-top box (300) will have a table of carrier frequencies at which the headend may be broadcasting a control channel of data and programming. As shown in FIG. 4, the method of the present invention may begin with the set-top terminal tuning the first control channel listed in that table (401). Once the carrier lock is achieved and the control channel is being received, the boot code will begin collecting packets from the transport stream on the control channel that are identified with PID 1 (402). PID 1 is dedicated to the conditional access message in the MPEG standard. The packets of PID 1 will provide the boot code running on the set-top terminal with a Conditional Access Table (CAT) of EMM Provider IDs each of which identifies a PID for a set of packets on the transport stream that constitute an EMM stream (Entitlement Management Message) (403, 404).

The boot code will begin with the first EMM Provider ID and begin loading packets from the transport stream that are marked with the EMM PID given by the first EMM Provider ID (405). The EMM PID packets being acquired will contain a boot code message of the present invention which, in turn, includes a platform identifier. Thus, the Entitlement Management Message will be extracted from the EMM PID packets acquired (406) and the platform identifier from the EMM will be extracted (407).

As shown in FIG. 3, the boot code (302) which is factory-installed in the set-top terminal will also include a platform identifier (320) that is specific to the type, architecture and capabilities of terminal (300) in which the boot code is resident. When running, the boot code will attempt to match the platform identifier provided at the factory with the platform identifier from the boot code message of the EMM PID packets (408, 409).
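
The acquisition sequence this section describes (CAT lookup, platform-identifier match, wrap-around reassembly of the packetized object, authentication before the write to Flash, bounded retries ending in a service call), modelled as an added Python sketch that is not code from the patent. The packet and message layouts, the retry limit of 3, the 1000-packet read bound and the HMAC-SHA256 check are assumptions, since the page defines none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass
from itertools import cycle, islice

MAX_ATTEMPTS = 3                 # assumed; the text says only "predetermined"
DEMO_KEY = b"constructed-key"    # assumed stand-in for the terminal's trust anchor


@dataclass(frozen=True)
class Packet:
    pid: int          # identifier shared by every packet of one object
    seq: int          # 1-based position of this packet within the object
    total: int        # number of packets that make up the object
    payload: bytes


@dataclass(frozen=True)
class BootMessage:
    platform_id: int  # terminal class the object was built for
    dl_pid: int       # download PID that carries the object's packets
    tag: bytes        # assumed authentication tag over the whole object


def make_tag(obj):
    """Stand-in authenticator (HMAC-SHA256); the page does not specify one."""
    return hmac.new(DEMO_KEY, obj, hashlib.sha256).digest()


def find_boot_message(cat, emm_streams, platform_id):
    """Check each EMM PID listed in the CAT, in order, for a boot message whose
    platform identifier equals the terminal's. None means: try the next carrier."""
    for emm_pid in cat:
        msg = emm_streams.get(emm_pid)
        if msg is not None and msg.platform_id == platform_id:
            return msg
    return None


def reassemble(stream, pid, max_reads):
    """Rebuild one object from a repeating broadcast, starting at whichever
    packet arrives first and wrapping around. Gives up after max_reads packets."""
    parts, total = {}, None
    for pkt in islice(stream, max_reads):
        if pkt.pid != pid:
            continue                        # object for another terminal class
        if total is None:
            total = pkt.total
        if pkt.total != total or not 1 <= pkt.seq <= total:
            continue                        # inconsistent header, drop it
        parts.setdefault(pkt.seq, pkt.payload)   # repeats are ignored
        if len(parts) == total:
            return b"".join(parts[i] for i in range(1, total + 1))
    return None


def acquire_base_platform(cat, emm_streams, open_stream, platform_id, flash):
    """Match, download, authenticate, then commit. Returns 'launched',
    'no_match' or 'service_call'; flash is a dict standing in for Flash memory."""
    msg = find_boot_message(cat, emm_streams, platform_id)
    if msg is None:
        return "no_match"
    for _ in range(MAX_ATTEMPTS):
        obj = reassemble(open_stream(), msg.dl_pid, max_reads=1000)
        if obj is not None and hmac.compare_digest(make_tag(obj), msg.tag):
            flash["base_platform"] = obj    # written only after the check passes
            return "launched"
        # a failed download is discarded here and never reaches flash
    return "service_call"


def broadcast(objects, start):
    """Constructed sample stream: the objects' packets time-multiplexed and
    repeated forever, joined by the terminal at packet index `start`."""
    packets = []
    for i in range(max(len(chunks) for chunks in objects.values())):
        for pid, chunks in objects.items():
            if i < len(chunks):
                packets.append(Packet(pid, i + 1, len(chunks), chunks[i]))
    return islice(cycle(packets), start, None)


if __name__ == "__main__":
    # Constructed sample: two platform classes, two objects on one carrier.
    image = [bytes([n]) * 4 for n in range(100)]      # 100-packet object
    objects = {0x100: [b"\xff" * 4] * 10, 0x101: image}
    cat = [0x20, 0x21, 0x22]                          # 0x21 carries no boot message
    emm = {0x20: BootMessage(0x0A01, 0x100, make_tag(b"\xff" * 40)),
           0x22: BootMessage(0x0B02, 0x101, make_tag(b"".join(image)))}
    flash = {}
    # Index 59 of the sample stream is packet 50 of 100 on PID 0x101.
    print(acquire_base_platform(cat, emm, lambda: broadcast(objects, 59),
                                0x0B02, flash), len(flash["base_platform"]))
```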



05/12/2004, EAST Version: 1.4.1 



US 6,718,374 Bl 

9 10 

If no match is found, the boot code will select the next EMM Provider ID in the CAT and check the packets of the EMM PID identified by that EMM Provider ID for a boot code message with a matching platform identifier (410, 405). This continues until the matching platform identifier is found. It may be possible to search multiple EMM PID's simultaneously to reduce the EMM validation time and the time required to find the matching boot code message.

If all the EMM Provider IDs in the CAT of PID 1 are checked and no match is found for the platform identifier (410), the boot code will look for another control channel on another carrier frequency by returning to the table of carrier frequencies (401). When another frequency with a control channel is identified and locked, the boot code will extract PID 1 and repeat the process outlined above. This continues until a boot code message with a platform identifier matching the platform identifier of the boot code is found.

When the boot code finds a boot code message with a matching platform identifier, the boot code will extract a download PID (DL PID) specified by the EMM with the matching platform identifier (411). The download PID (DL PID) is the identifier for the packets that carry the code object, e.g., the base platform code object, that is appropriate for the type of set-top terminal (300) with the platform identifier (320). The boot code can then download the base platform code or other code object by acquiring the packets with the DL PID and reassembling the data in those packets into the base platform code.

As will be understood by those in the art, the platform identifier (320) of the present invention can be used to check any type of code object for its compatibility with the terminal in which the identifier (320) is resident. The invention is not limited to the use of the identifier (320) by the boot code (302) to locate and identify an appropriate base platform code. The platform identifier (320) of the present invention can be used in the same manner described above, for example, by the base platform code to identify and acquire an operating system object designed for the downloading set-top terminal. The platform identifier (320) can also be used to identify other elements of the native suite, i.e., resident applications, that are appropriate for the downloading set-top terminal.

Additionally, the platform identifier (320) of the present invention need not necessarily be incorporated into the boot code (302). Rather, the platform identifier (320) can be stored anywhere within the set-top terminal (300) where it can be accessed by the executing programs that require it to identify appropriate code objects for download.

As shown in FIG. 2, once the base platform code has been downloaded or identified as already resident in Flash memory, an authentication check (206) is performed to verify that the base platform code has been accurately and completely received and has not been altered by an unauthorized party. If the base platform fails the authentication check, it is deleted (208). A load counter may then be checked to determine the number of times the set-top terminal has attempted to acquire a valid base platform code (209). If the counter exceeds a predetermined limit, the set-top terminal may signal the headend for a service call or may indicate the need to request a service call to the subscriber (210). If the load counter is not exceeded, the boot code will revert to the process described above and attempt again to download the base platform code (207).

Alternatively, if the base platform code is authenticated, it is then launched (211). The base platform code will then determine if the native suite, including the O/S, is loaded in the Flash memory (214). If it is not, the base platform code will seek to download the native suite.

With the base platform code running, the system operator may provide the set-top terminal with a set of "initialization messages" that provide, for example, channel maps, tables and EMM information (219, 212). These messages should be provided before the native suite is loaded. The initialization messages may instruct the set-top terminal where to acquire the native suite.

After the native suite has been downloaded, or is found already existing in Flash memory, an authorization check is performed on the native suite (215, 220, 224, 223). The download of the native suite will include an Object Conditional Access Message (OCAM) that is recorded by the set-top terminal. The authentication signature and authorization code for the native suite object are provided in the OCAM and used to authorize and authenticate the native suite in the manner described below.

If the authorization check is not successful, the native suite code will be deleted (225, 217) and the base platform code will again attempt to acquire the native suite (221). If the authorization check is successful, the native suite and any resident applications associated with it, are loaded and an authentication check is performed (222). As before, if the authentication check fails, the downloaded code will be deleted (217) and a load counter will be checked (216) to see if another attempt to download the code should be made or a service call signaled (213).

Alternatively, if the authentication check (222, 218) is successful, the native suite and any associated resident applications will be executed beginning with the O/S (226, 227). The base platform code performs the authorization and authentication on the O/S code. If the O/S passes the authorization and authentication checks, the O/S is executed and control is transferred to the O/S. The BIOS (Basic Input/Output Software) may perform the authorization and authentication of the remainder of the native suite (215, 224, 222).

In summary, various portions of the boot process include an object authorization and authentication (A&A) process for newly acquired or located objects. The authorization check of the native suite is done within the base platform. The authorization of the base platform is, in turn, performed by the boot code, which can only authenticate a base platform object. When running, the O/S of the native suite performs the authentication and authorization of subsequently loaded objects. These checks are required so that, given an interruption in power, etc., the authorization status of the terminal can be verified. If, at any point, an authorization or authentication check fails, the object being checked is disabled.

Authentication is performed as follows. When a code object is broadcast over the cable network, it is associated with an authorization code and an authentication signature. For the base platform object, the authorization code is preferably given in an objected field of the boot code message. The authentication signature is preferably given in an object_description field of the boot code message. For other objects, such as the O/S and the native suite, the authorization code and authentication signature are provided in an OCAM downloaded with the object.

The authentication signature is computed mathematically using a specific algorithm with the code object itself as the input for the algorithm. The signature is then re-computed by the set-top terminal using the same algorithm and the downloaded code as input. If the signature computed by the
set-top terminal matches the one transmitted with the code, the code can be implemented with confidence that it has been transmitted properly, without inadvertent or malicious alteration.

The present invention provides for two basic ways to upgrade the basic platform in a population of set-top terminals once those terminals have been placed in full service. These two methods of upgrade are (1) a universal upgrade of the entire population (i.e., the entire population tuned to a particular control stream) and (2) a targeted upgrade of a subset or subsets of the population. Both methods may make use of the boot code to perform the upgrade.

A universal upgrade is accomplished by broadcasting an order from the headend for all set-top terminals on the control stream to delete their existing base platform object. The boot code then begins executing, assumes control, and performs the initialization procedure outlined above, including replacing the deleted base platform with a base platform downloaded over the cable network.

A targeted upgrade applies to a single terminal or a small group of terminals on a given control channel. Each terminal has a specific single-cast address and can, therefore, be addressed by the headend and instructed to delete the existing base platform code and re-initialize with upgrade code. Alternatively, each terminal has one or more multi-cast addresses that are shared by other terminals in the population. Four such multi-cast addresses for each terminal are preferred. With a multi-cast address the headend can signal a code purge and re-initialization for a specific class of terminals that share that particular multi-cast address.

In a targeted upgrade, the base platform, using standard download messages, sets up download parameters in a start-up database in non-volatile memory (See FIG. 3) and allows the boot code to take control. The boot code then uses the parameters to acquire the upgraded base platform code, replacing the original base platform code. This is done while the older version of the base platform code is still spinning at a location indicated by the boot message.

In addition to the examples given above, an upgrade need not disturb the base platform code. Rather, the upgrade or reset signal, whether universal or targeted, may instruct the set-top terminal(s) to terminate and delete only the operating system (O/S), the entire native suite, or one or more particular resident applications. Control then returns to the base platform code which will acquire and authenticate a new O/S, entire native suite, or portions of the native suite as necessary. In this way, the native suite (or just the O/S) can be upgraded without requiring the base platform code to be reacquired as well.

FIG. 3 illustrates four memory units of a set-top terminal (300) according to the present invention. A read-only memory unit (ROM) (301) contains the boot code (302). A flash memory unit (303) contains the base platform code (304) and the O/S object (306). Aside from these objects, additional flash memory is available (305). Two stack pointers (307, 308) designate absolute locations in the Flash memory (303) for the base platform code (304, 308) and the O/S (306, 307). It is important that these two objects are always located at the same location in Flash (303).

A non-volatile memory unit (310) preferably has both a managed and a non-managed segment. The base platform code (304) may store parameters and other data in the non-managed portion of the non-volatile memory unit (310). Finally, a random access memory unit (RAM) (309) is provided.

Downloaded objects such as the base platform code, the O/S, etc. may be stored in the RAM (309) until authenticated. Once authorization and authentication are successfully completed, the objects may be transferred from the RAM (309) to the Flash memory unit (303) for long-term storage.

The preceding description has been presented only to illustrate and describe the invention. It is not intended to be exhaustive or to limit the invention to any precise form disclosed. Many modifications and variations are possible in light of the above teaching.

The preferred embodiment was chosen and described in order to best explain the principles of the invention and its practical application. The preceding description is intended to enable others skilled in the art to best utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated.

What is claimed is:

1. A method of identifying a code object for download by a set-top terminal from a data stream broadcast to the set-top terminal over a cable television system where the object identified is appropriate to the architecture and capabilities of the terminal, the method comprising matching a platform identifier stored in said set-top terminal with a platform identifier in a download locator message that specifies where in said data transport stream a particular code object can be acquired, wherein said platform identifier stored in said set-top terminal is specific to said architecture and capabilities of said set-top terminal; wherein said download locator message is added as part of an entitlement management message.

2. The method of claim 1, further comprising tuning said data transport stream with said set-top terminal based on a table of control channels carrying data transport streams.

3. The method of claim 1, further comprising collecting PID 1 packets from said data stream and extracting therefrom a table specifying packet identifiers for a plurality of download locator messages being transmitted on said data transport stream.

4. The method of claim 3, further comprising successively acquiring said plurality of download locator messages according to said table and extracting platform identifiers therefrom until a download locator message is found bearing a platform identifier that matches said platform identifier stored in said set-top terminal.

5. The method of claim 4, further comprising obtaining locator data from said download locator message having a platform identifier that matches said platform identifier stored in said set-top terminal, wherein said locator data specifies where in said data transport stream a particular code object can be acquired.

6. The method of claim 5, further comprising downloading to said set-top terminal said particular code object specified by said locator data from said download locator message having a platform identifier that matches said platform identifier stored in said set-top terminal.

7. The method of claim 1, wherein said code object is a base platform code object.

8. The method of claim 1, wherein said code object is an operating system code object.

9. The method of claim 1, wherein said code object is a resident application code object.

10. A system for of identifying a code object for download by a set-top terminal from a data transport stream broadcast to the set-top terminal over a cable television system where the object identified is appropriate to the architecture and capabilities of the set-top terminal, the system comprising:

means for obtaining a first platform identifier in a download locator message that specifies where in said data
transport stream a particular code object can be acquired; and

means for matching said first platform identifier with a second platform identifier stored in said set-top terminal,

wherein said platform identifier is specific to said architecture and capabilities of said set-top terminal;

wherein said download locator message is added as part of an entitlement management message.

11. The system of claim 10, further comprising means for tuning said data transport stream with said set-top terminal based on a table of control channels carrying data transport streams.

12. The system of claim 10, further comprising:

means for collecting PID 1 packets from said data transport stream; and

means for extracting therefrom a table specifying packet identifiers for a plurality of download locator messages being transmitted on said data transport stream.

13. The system of claim 12, further comprising means for successively acquiring said plurality of download locator messages according to said table and extracting platform identifiers therefrom until a download locator message is found bearing a first platform identifier that matches said second platform identifier stored in said set-top terminal.

14. The system of claim 13, further comprising means for obtaining locator data from said download locator message having said first platform identifier that matches said second platform identifier stored in said set-top terminal, wherein said locator data specifies where in said data transport stream a particular code object can be acquired.

15. The system of claim 14, further comprising means for downloading to said set-top terminal said particular code object specified by said locator data from said download locator message having said first platform identifier that matches said second platform identifier stored in said set-top terminal.

16. The system of claim 10, wherein said code object is a base platform code object.

17. The system of claim 10, wherein said code object is an operating system code object.

18. The system of claim 10, wherein said code object is a resident application code object.

19. A method of initializing a set-top terminal, said method comprising:

executing a boot code object with said set-top terminal; and

with said boot code object, acquiring and launching a base platform code object on said set-top terminal by matching a platform identifier stored in said set-top terminal with a second platform identifier in a download locator message that specifies where in a data transport stream said base platform code object can be acquired, wherein said platform identifier stored in said set-top terminal is specific to said architecture and capabilities of said set-top terminal and wherein said download locator message is added as part of an entitlement management message;

wherein said base platform code object, when executing, provides said set-top terminal with an ability to receive, tune and output television programming from a cable television system.
20. The method of claim 19, wherein said acquiring said base platform code object comprises retrieving said base platform code object from a memory of said set-top terminal.

21. The method of claim 19, wherein said acquiring said base platform code object further comprises downloading said base platform code object from a headend.

22. The method of claim 19, wherein said acquiring and launching said base platform code object further comprises authenticating said base platform code object prior to launching said base platform code object.

23. The method of claim 22, further comprising, if said base platform code object fails said authenticating of said base platform code object, deleting said base platform code object; re-acquiring said base platform code object; and authenticating said re-acquired base platform object.

24. The method of claim 23, further comprising counting a number of failed attempts to authenticate a base platform code object.

25. The method of claim 24, further comprising signaling for a service call when said number of failed attempts to authenticate a base platform code object reaches a pre-determined limit.

26. The method of claim 19, wherein said acquiring said base platform code object further comprises checking memory of said set-top terminal for a base platform code object, a last known carrier frequency of a control channel and an Entitlement Management Message Provider Identification.

27. The method of claim 26, further comprising downloading said base platform code object to said set-top terminal if said base platform code object, last known carrier frequency of a control channel and Entitlement Management Message Provider Identification are not found in said memory of said set-top terminal.

28. The method of claim 19, further comprising, with said base platform code object executing on said set-top terminal, acquiring and launching an operating system on said set-top terminal.

29. The method of claim 28, wherein said acquiring said operating system comprises retrieving said operating system from a memory of said set-top terminal.

30. The method of claim 28, wherein said acquiring said operating system further comprises downloading said operating system from a headend.

31. The method of claim 28, wherein said acquiring and launching said operating system further comprises authenticating and authorizing said operating system prior to launching said operating system.

32. The method of claim 31, further comprising, if said operating system fails said authenticating and authorizing, deleting said operating system; re-acquiring said operating system; and authenticating and authorizing said re-acquired operating system.

33. The method of claim 32, further comprising counting a number of failed attempts to authenticate and authorize an operating system.

34. The method of claim 33, further comprising signaling for a service call when said number of failed attempts reaches a pre-determined limit.
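The boot code sequence from the description (match the platform identifier, acquire the object on the DL PID, re-compute the signature, delete and retry until the load counter limit, then signal a service call), as an added example that is not code from the patent. The struct layout, the FNV-1a stand-in for the unspecified signature algorithm, the function names and all sample values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout: the patent names these fields but gives no wire format. */
typedef struct {
    uint32_t platform_id;  /* platform identifier carried in the boot code message */
    uint16_t dl_pid;       /* download PID of the matching code object */
    uint32_t signature;    /* authentication signature computed at the headend */
} boot_msg_t;

enum boot_result { BOOT_LAUNCH, BOOT_NO_MATCH, BOOT_SERVICE_CALL };
typedef size_t (*acquire_fn)(uint16_t dl_pid, uint8_t *buf, size_t cap, int attempt);

/* Stand-in for the patent's unspecified "specific algorithm" (FNV-1a, unkeyed).
 * An unkeyed digest only detects alteration if the message carrying it is itself
 * trusted; a keyed MAC or a digital signature removes that dependency. */
static uint32_t object_signature(const uint8_t *obj, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= obj[i]; h *= 16777619u; }
    return h;
}

/* Steps 405-411: scan boot code messages until one bears our platform identifier,
 * then acquire, authenticate (206), delete on failure (208) and retry (207)
 * until the load counter limit is reached (209, 210). */
static enum boot_result boot_acquire(const boot_msg_t *msgs, size_t n, uint32_t my_id,
                                     acquire_fn acquire, int load_limit,
                                     uint8_t *ram, size_t cap, int *attempts) {
    const boot_msg_t *m = NULL;
    *attempts = 0;
    for (size_t i = 0; i < n && !m; i++)
        if (msgs[i].platform_id == my_id) m = &msgs[i];
    if (!m) return BOOT_NO_MATCH;            /* caller retunes to the next carrier (401) */
    for (int a = 1; a <= load_limit; a++) {
        size_t len = acquire(m->dl_pid, ram, cap, a);
        *attempts = a;
        if (len > 0 && object_signature(ram, len) == m->signature)
            return BOOT_LAUNCH;              /* authenticated: launch (211) */
        memset(ram, 0, cap);                 /* failed check: delete the object */
    }
    return BOOT_SERVICE_CALL;                /* load counter exceeded */
}

/* Constructed sample data: one code object, altered in transit on early attempts. */
static const uint8_t GOOD_OBJECT[] = "base-platform-image-v2";
static int corrupt_until = 0;                /* attempts <= this value arrive altered */

static size_t demo_acquire(uint16_t dl_pid, uint8_t *buf, size_t cap, int attempt) {
    if (dl_pid != 0x0102 || cap < sizeof GOOD_OBJECT) return 0;
    memcpy(buf, GOOD_OBJECT, sizeof GOOD_OBJECT);
    if (attempt <= corrupt_until) buf[3] ^= 0x40;   /* single flipped bit */
    return sizeof GOOD_OBJECT;
}

static enum boot_result demo_boot(uint32_t my_id, int bad_attempts, int limit, int *attempts) {
    uint8_t ram[64];
    boot_msg_t msgs[] = {                    /* two platforms share the control channel */
        { 0x00A10001u, 0x0101, 0xDEADBEEFu },
        { 0x00B20007u, 0x0102, object_signature(GOOD_OBJECT, sizeof GOOD_OBJECT) },
    };
    corrupt_until = bad_attempts;
    return boot_acquire(msgs, 2, my_id, demo_acquire, limit, ram, sizeof ram, attempts);
}
```

Calling `demo_boot` with a platform identifier that no message carries returns `BOOT_NO_MATCH`, which corresponds to the point where the boot code returns to the table of carrier frequencies.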
